EXAMINER'S AMENDMENT

1. An examiner's amendment to the record appears below. Should the changes
and/or additions be unacceptable to applicant, an amendment may be filed as provided
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be
submitted no later than the payment of the issue fee.

2. Authorization for this examiner's amendment was given in a telephone interview 
with Bobby K. Truong (Reg. No. 37,499) on January 29, 2009. 

3. Amend the claims as follows: 
1-27. (Canceled) 

28. (Previously Presented) A machine-implemented method, comprising: 

establishing, within a global operating system environment provided by an 
operating system (OS) kernel, a first non-global zone which serves as a first virtual 
platform for supporting and isolating user processes, wherein the first non-global zone is 
a separate and distinct OS partition of the global operating system environment having 
a first zone identifier associated therewith, and wherein the first non-global zone is 
established and exists without requiring any user processes to be running therein; 

establishing, within the global operating system environment, a second non-global
zone which serves as a second virtual platform for supporting and isolating user
processes, wherein the second non-global zone is a separate and distinct OS partition
of the global operating system environment having a second zone identifier associated
therewith, and wherein the second non-global zone is established and exists without 
requiring any user processes to be running therein; 

executing a first set of one or more user processes within the first non-global zone;

executing a second set of one or more user processes within the second non-global
zone; and

isolating the first set of one or more user processes within the first non-global 
zone and the second set of one or more user processes within the second non-global 
zone such that the first set of one or more user processes cannot access processes in 
the second non-global zone and the second set of one or more user processes cannot 
access processes in the first non-global zone; 

wherein the first and second non-global zones are established by the OS kernel, 
and wherein the OS kernel enforces zone boundaries to isolate the first set of one or 
more user processes within the first non-global zone and the second set of one or more 
user processes within the second non-global zone. 

29. (Currently Amended) The method of claim 28, wherein the OS kernel provides 
services that are invoked by the first set of one or more user processes, and wherein 
the services are invoked by the first set of one or more user processes through the first 
virtual platform.

30-31. Canceled

32. (Previously Presented) The method of claim 28,

wherein a first set of resources are associated with the first non-global zone and 
a second set of resources are associated with the second non-global zone; 

wherein the first set of resources are accessed by the first set of one or more 
user processes through the first virtual platform and the second set of resources are 
accessed by the second set of one or more user processes through the second virtual 
platform; and 

wherein the first set of resources and the second set of resources each include 
one or more resources from the group consisting of a network interface, a 
communications interface, a file system, a system console, a DASD address, and an 
operating system service process. 

33. (Currently Amended) The method of claim 32, wherein isolating the first set of 
one or more user processes within the first non-global zone and the second set of one 
or more user processes within the second non-global zone further comprises: 

preventing the first set of one or more user processes from accessing the second 
set of resources associated with the second non-global zone; and 

preventing the second set of one or more user processes from accessing the first 
set of resources associated with the first non-global zone.

34. (Currently Amended) The method of claim 32, wherein executing the first set of
one or more user processes within the first non-global zone causes a first application 
environment to be established within the first non-global zone, and wherein the method 
further comprises: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-global zone: 

terminating all user processes executing within the first non-global zone,
thereby terminating the first application environment; and

disassociating the first set of resources from the first non-global zone;

wherein the second non-global zone is not affected by the command to halt the
first non-global zone.

35. (Currently Amended) The method of claim 32, wherein executing the first set of 
one or more user processes within the first non-global zone causes a first application 
environment to be established within the first non-global zone, and wherein the method 
further comprises: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-global zone: 

terminating all user processes executing within the first non-global zone,
thereby terminating the first application environment; and

performing one or more tasks from the group consisting of stopping a
scheduler process, unmounting one or more file systems, closing
one or more network interfaces, and removing configurations for
devices associated with the first non-global zone;

wherein the second non-global zone is not affected by the command to halt the
first non-global zone.

Application/Control Number: 10/761,622 Page 6

Art Unit: 2194

36. (Previously Presented) The method of claim 28, further comprising: 

allowing a first administrator to manage processes and resources within the first 
non-global zone, wherein the first administrator is not allowed to manage processes and 
resources within the second non-global zone; and 

allowing a second administrator to manage processes and resources within the 
second non-global zone, wherein the second administrator is not allowed to manage 
processes and resources within the first non-global zone. 

37. (Previously Presented) The method of claim 28, wherein establishing the first 
non-global zone comprises: 

assigning the first zone identifier, plumbing one or more network interfaces, and 
mounting one or more file systems; 

wherein establishing the first non-global zone does not include executing user 
processes within the first non-global zone. 

38. (Previously Presented) The method of claim 37, wherein the configuration 
information comprises one or more parameters from the group consisting of a zone 
name, a path to a root directory for the first non-global zone, specification of one or
more file systems to be mounted when the first non-global zone is created, specification 
of one or more network interfaces, specification of one or more devices to be configured 
when the first non-global zone is created, and specification of resource controls to be 
imposed on the first non-global zone. 

39. (Previously Presented) The method of claim 28, wherein executing the first set 
of one or more user processes within the first non-global zone comprises: 

executing an initialization process; and 

initializing, by the initialization process, execution of the first set of one or more 
user processes. 

40. (Previously Presented) A machine-readable storage medium storing one or 
more sets of instructions which, when executed by one or more processors, cause the 
one or more processors to perform the steps of: 

establishing, within a global operating system environment provided by an 
operating system (OS) kernel, a first non-global zone which serves as a first virtual 
platform for supporting and isolating user processes, wherein the first non-global zone is 
a separate and distinct OS partition of the global operating system environment having 
a first zone identifier associated therewith, and wherein the first non-global zone is 
established and exists without requiring any user processes to be running therein;

establishing, within the global operating system environment, a second non-global
zone which serves as a second virtual platform for supporting and isolating user
processes, wherein the second non-global zone is a separate and distinct OS partition 
of the global operating system environment having a second zone identifier associated 
therewith, and wherein the second non-global zone is established and exists without 
requiring any user processes to be running therein; 

executing a first set of one or more user processes within the first non-global zone;

executing a second set of one or more user processes within the second non-global
zone; and

isolating the first set of one or more user processes within the first non-global 
zone and the second set of one or more user processes within the second non-global 
zone such that the first set of one or more user processes cannot access processes in 
the second non-global zone and the second set of one or more user processes cannot 
access processes in the first non-global zone; 

wherein the first and second non-global zones are established by the OS kernel, 
and wherein the OS kernel enforces zone boundaries to isolate the first set of one or 
more user processes within the first non-global zone and the second set of one or more 
user processes within the second non-global zone.

41. (Currently Amended) The machine-readable storage medium of claim 40,
wherein the OS kernel provides services that are invoked by the first set of one or more 
user processes, and wherein the services are invoked by the first set of one or more 
user processes through the first virtual platform. 

42-43. Canceled 

44. (Previously Presented) The machine-readable storage medium of claim 40,

wherein a first set of resources are associated with the first non-global zone and
a second set of resources are associated with the second non-global zone;

wherein the first set of resources are accessed by the first set of one or more 
user processes through the first virtual platform and the second set of resources are 
accessed by the second set of one or more user processes through the second virtual 
platform; and 

wherein the first set of resources and the second set of resources each include 
one or more resources from the group consisting of a network interface, a 
communications interface, a file system, a system console, a DASD address, and an 
operating system service process. 

45. (Currently Amended) The machine-readable storage medium of claim 44, 
wherein isolating the first set of one or more user processes within the first non-global 
zone and the second set of one or more user processes within the second non-global
zone further comprises: 

preventing the first set of one or more user processes from accessing the second 
set of resources associated with the second non-global zone; and 

preventing the second set of one or more user processes from accessing the first 
set of resources associated with the first non-global zone. 

46. (Currently Amended) The machine-readable storage medium of claim 44, 
wherein executing the first set of one or more user processes within the first non-global 
zone causes a first application environment to be established within the first non-global 
zone, and wherein the machine-readable storage medium further stores one or more 
sets of instructions for causing the one or more processors to perform the steps of: 

receiving a command to halt the first non-global zone; 

in response to the command to halt the first non-global zone: 

terminating all user processes executing within the first non-global zone,
thereby terminating the first application environment; and

disassociating the first set of resources from the first non-global zone;

wherein the second non-global zone is not affected by the command to halt the
first non-global zone.

47. (Currently Amended) The machine-readable storage medium of claim 44, 
wherein executing the first set of one or more user processes within the first non-global 
zone causes a first application environment to be established within the first non-global
zone, and wherein the machine-readable storage medium further stores one or more
sets of instructions for causing the one or more processors to perform the steps of:

receiving a command to halt the first non-global zone;

in response to the command to halt the first non-global zone:

terminating all user processes executing within the first non-global zone,
thereby terminating the first application environment; and

performing one or more tasks from the group consisting of stopping a
scheduler process, unmounting one or more file systems, closing
one or more network interfaces, and removing configurations for
devices associated with the first non-global zone;

wherein the second non-global zone is not affected by the command to halt the
first non-global zone.

48. (Previously Presented) The machine-readable storage medium of claim 40, 
wherein the machine-readable storage medium further stores one or more sets of 
instructions for causing the one or more processors to perform the steps of: 

allowing a first administrator to manage processes and resources within the first 
non-global zone, wherein the first administrator is not allowed to manage processes and 
resources within the second non-global zone; and

allowing a second administrator to manage processes and resources within the
second non-global zone, wherein the second administrator is not allowed to manage 
processes and resources within the first non-global zone. 

49. (Previously Presented) The machine-readable storage medium of claim 40, 
wherein establishing the first non-global zone comprises: 

assigning the first zone identifier, plumbing one or more network interfaces, and 
mounting one or more file systems; 

wherein establishing the first non-global zone does not include executing user 
processes within the first non-global zone. 

50. (Previously Presented) The machine-readable storage medium of claim 49, 
wherein the configuration information comprises one or more parameters from the 
group consisting of a zone name, a path to a root directory for the first non-global zone, 
specification of one or more file systems to be mounted when the first non-global zone 
is created, specification of one or more network interfaces, specification of one or more 
devices to be configured when the first non-global zone is created, and specification of 
resource controls to be imposed on the first non-global zone. 

51. (Currently Amended) The machine-readable storage medium of claim 40,
wherein executing the first set of one or more user processes within the first non-global
zone comprises:

executing an initializer process; and

initializing, by the initializer process, execution of the first set of one or more user 
processes. 

52. (Currently Amended) An apparatus comprising: 
one or more processors configured to implement: 

means for establishing, within a global operating system environment provided 
by an operating system (OS) kernel, a first non-global zone which serves as a first 
virtual platform for supporting and isolating user processes, wherein the first non-global 
zone is a separate and distinct OS partition of the global operating system environment 
having a first zone identifier associated therewith, and wherein the first non-global zone 
is established and exists without requiring any user processes to be running therein; 

means for establishing, within said global operating system environment, a 
second non-global zone which serves as a second virtual platform for supporting and 
isolating user processes, wherein the second non-global zone is a separate and distinct 
OS partition of the global operating system environment having a second zone identifier 
associated therewith, and wherein the second non-global zone is established and exists 
without requiring any user processes to be running therein; 

means for executing a first set of one or more user processes within the first
non-global zone;

means for executing a second set of one or more user processes within the 
second non-global zone; and

means for isolating the first set of one or more user processes within the first
non-global zone and the second set of one or more user processes within the second 
non-global zone such that the first set of one or more user processes cannot access 
processes in the second non-global zone and the second set of one or more user 
processes cannot access processes in the first non-global zone; 

wherein the first and second non-global zones are established by the OS kernel, 
and wherein the OS kernel enforces zone boundaries to isolate the first set of one or 
more user processes within the first non-global zone and the second set of one or more 
user processes within the second non-global zone. 

53-54. Canceled 

55. (Previously Presented) The apparatus of claim 52, 

wherein a first set of resources are associated with the first non-global zone and 
a second set of resources are associated with the second non-global zone; 

wherein the first set of resources are accessed by the first set of one or more 
user processes through the first virtual platform and the second set of resources are 
accessed by the second set of one or more user processes through the second virtual 
platform; and

wherein the first set of resources and the second set of resources each include
one or more resources from the group consisting of a network interface, a 
communications interface, a file system, a system console, a DASD address, and an 
operating system service process. 

56. (Currently Amended) The apparatus of claim 55, wherein the means for isolating 
the first set of one or more user processes within the first non-global zone and the 
second set of one or more user processes within the second non-global zone further 
comprises: 

means for preventing the first set of one or more user processes from accessing 
the second set of resources associated with the second non-global zone; and 

means for preventing the second set of one or more user processes from 
accessing the first set of resources associated with the first non-global zone. 

57. (Currently Amended) The apparatus of claim 55, wherein executing the first set 
of one or more user processes within the first non-global zone causes a first application 
environment to be established within the first non-global zone, and wherein the 
apparatus further comprises: 

means for receiving a command to halt the first non-global zone;

in response to the command to halt the first non-global zone:

means for terminating all user processes executing within the first
non-global zone, thereby terminating the first application environment;
and

means for disassociating the first set of resources from the first non-global
zone;

wherein the second non-global zone is not affected by the command to halt the 
first non-global zone. 

58. (Currently Amended) The apparatus of claim 55, wherein executing the first set 
of one or more user processes within the first non-global zone causes a first application 
environment to be established within the first non-global zone, and wherein the 
apparatus further comprises: 

means for receiving a command to halt the first non-global zone;

in response to the command to halt the first non-global zone:

means for terminating all user processes executing within the first
non-global zone, thereby terminating the first application environment;
and

means for performing one or more tasks from the group consisting of
stopping a scheduler process, unmounting one or more file
systems, closing one or more network interfaces, and removing
configurations for devices associated with the first non-global zone;

wherein the second non-global zone is not affected by the command to halt the
first non-global zone. 

59. (Previously Presented) The apparatus of claim 52, wherein the means for 
establishing the first non-global zone comprises: 

means for assigning the first zone identifier, plumbing one or more network 
interfaces, and mounting one or more file systems; 

wherein establishing the first non-global zone does not include executing user 
processes within the first non-global zone. 

60. (Previously Presented) The apparatus of claim 59, wherein the configuration 
information comprises one or more parameters from the group consisting of a zone 
name, a path to a root directory for the first non-global zone, specification of one or 
more file systems to be mounted when the first non-global zone is created, specification 
of one or more network interfaces, specification of one or more devices to be configured 
when the first non-global zone is created, and specification of resource controls to be 
imposed on the first non-global zone. 

4. Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance."

CONCLUSION

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KimbleAnn Verdi whose telephone number is
(571)270-1654. The examiner can normally be reached on Monday-Friday 7:30am-5:00pm EST.

6. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Meng-Ai An can be reached on (571) 272-3756. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

7. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Meng-Ai An/ 

Supervisory Patent Examiner, Art Unit 2195 



January 30, 2009 